Friday, March 31, 2006
I'm pleased to announce that I have joined Current Analysis (Sterling VA) as Principal Analyst in the Data Management module. My coverage area includes business intelligence, master data management, data integration, data warehousing, data mining, data quality, DBMSs, EII, ETL, metadata management, semantics, and compliance.
You can reach me at email@example.com. My work phone numbers are 703-340-8134 and 703-788-3729.
I look forward to speaking with you.
Wednesday, March 29, 2006
Found content: www.internetnews.com/ent-news/article.php/3594871
Wha?...wha hoppen?...oh, yeah…the drm sequence….intense….where was I?....oh yeah….that out of the way…did it really?....oh, auntie em....oh well…push the pillow…onto the next….
The term “data center” is becoming more of an oxymoron every day. A vestige of the big iron days. Every corporate IT resource—data, storage, compute power, etc—is becoming more decentralized through SOA, ESBs, platform virtualization, and compute and data grids.
Even those corporations that continue to centralize some mission-critical IT resources are consolidating into increasingly inconspicuous “data centers.” As the referenced article states: “U.S. data centers are starting to look trimmer and run faster thanks to virtualization and automation tools...The number of pieces of data center equipment is also slimming down to include fewer machines. For example, with virtualization, customers can run multiple operating systems on one machine, reducing the number of machines they need to run their businesses.”
And these data centers are, when you pry their lids open, becoming internally decentralized through blades and virtualization. Once again, the article states: “Customers concerned about using software to consolidate and automate their computer networks are interested in products from VMware, SWSoft, Xen and Virtual Iron. Blade server systems are another prime example of the shift to more condensed data centers. Where mainframes once ruled the data center roost almost exclusively, smaller blades that slide in and out of chassis are becoming more prevalent these days.”
Increasingly, what we’re seeing is the rise of the virtual data center in most organizations. In this new environment, the data (and storage, CPU, etc.) is decentralized from the get-go, and will often remain that way (never to radically consolidate on a single storage node or location). But the governance of that distributed data—in the form of a corporate-standard master data management (MDM) environment—will tighten.
Data centers have always had a core competency: moving, massing, and mastering corporate operational data. As centers decentralize, the moving and massing of data will permeate every niche of the corporate environment. And it will all--the ubiquiflow of precious content--be tracked, managed, channeled, optimized, and quality-controlled every step of the way through MDM.
All of which is prelude to….
Tuesday, March 21, 2006
James Gerard Kobielus. Age 47. Alexandria VA.
Jim’s Theory of Careers
I’ve actually got two theories of careers. One is that careers are just one damn job after another (which sort of sums up my career thus far). Another is that careers are all that—all the zigzags, accidents, and contingencies of opportunities that presented themselves at various points of our lives—but also the story you tell about what it all means, what it’s all amounting to, and what you yourself are amounting to. If anything. I’ve been wondering about this “amounting to” a lot recently. What my accumulated investments are amounting to? What my resume is amounting to, in terms of notches on my demonstrated experience belt? What my bibliography (yes, I’m a much-published technology author) is amounting to in terms of discrete articles, books, and other items under my byline? What my stature in the eyes of my almost-grown children is amounting to? I don’t get a sense, though, that it, my career, is amounting to anything in particular—not in the sense of culminating in some grand flowering accomplishment for all the world to behold. It’s simply spooling out like I’ve always known it would. I’m aging, balding. I’ve had a career, children, a wife. A life.
Sunday, March 05, 2006
Found content: http://www.pcworld.com/news/article/0,aid,124527,00.asp
DRM is another name for content, culture, and commerce coursing the crazy channels of cash and control in this the extremely early third millennium.
Nobody’s purely on one side or the other in the commerce/content/culture craze that’s consuming our every waking moment. Everybody’s a potential publisher who wants, rightfully, to maintain perpetual control over their creations. And everybody’s a potential consumer who wants free, unfettered access to the whole cornucopic world of overflowing code and content largesse.
Anybody who takes a purely ideological stand against DRM should heed the words of somebody whose commitment to open code/content is unimpeachable: Linux kernel developer Linus Torvalds. In January, Torvalds went on record as opposing the anti-DRM restrictions that have been proposed for GNU General Public License v3, which is used in many open-source projects. Some had proposed that GPLv3 prevent GPL-licensed open-source software from being used in DRM copy-protection software.
Fundamentally, Torvalds—being a software developer—is essentially a publisher. A publisher’s primary interest is in ensuring that their consumers can verify the authenticity and integrity of their published works. That, of course, depends on a crypto feature called “digital signatures.” So the following statement from Torvalds, from his newsgroup, makes perfect sense:
- "I think it's insane to require people to make their private signing keys available, for example. I wouldn't do it," he wrote. "So I don't think the GPL v3 conversion is going to happen for the kernel."
DRM will soon be everywhere, especially on open-source platforms. And much of the technology we use to control access to our published contents will issue from open-source DRM projects. The “committers” on open-source projects will be the number one proponents of DRM safeguards to ensure that their licenses (however structured—and open-source licenses are among the most complex and byzantine in existence) are enforced everywhere and anywhere their software components roam in cyberspace. And that their authorship of these components is always and everywhere visible, even if they never make a dime from their work. Because creators always insist on due credit being paid for their precious creations.
As creators have done since time immemorial.
Found content: http://www.theinquirer.net/?article=29140
DRM is another name for the doctoral research motherlode that this topic has unleashed.
Everybody’s developing their own DRM dissertation, or so it seems. The referenced article presents Wendy Grossman’s self-described “manifesto,” which consists of several (prescriptive and proscriptive, rather than descriptive) “principles of responsible DRM,” which appear to have been inspired by what she describes as Sony’s “damn-fool rootkit” and “evil deed” (what would the DRM-bashing community do without this new whippingboy media/electronics giant?). Her principles (all of which primarily apply to DRM only in its B2C content license management and anti-piracy application, not to the equally important B2B federated identity and access management side of this topic, which some have referred to as “enterprise rights management” or “identity rights management”) are as follows (I’ve chosen to number them for the sake of easily referring back to individual principles):
1. “DRM should not violate the user’s computer…. By "violate", I mean the software should not: hide its presence, send back information about either the user or the computer without permission (and what gets sent should be fully auditable by the user), or do other things that, if Sony were a teenaged hacker dressed in black working out of a back bedroom would send it to jail.”
2. “A company whose DRM breaks the law ought to be fined and treated exactly like a wanton environmental polluter.”
3. “DRM should respect the public domain. That means it should automatically expire, leaving the content freely accessible, on the date when the work enters the public domain.”
4. “DRM should not be allowed to apply more restrictions to a work than that same work would have in the analog world.”
5. “Circumventing DRM should not be a crime (as of course it is under the US's Digital Millennium Copyright Act) in and of itself.”
6. “Rightsholders who do not incorporate features to allow disabled access should be required to allow third parties to do so.”
7. “When a new format is adopted and new work begins being released on it, the technical specifications for how to build a reader (and a copy of the player) should be filed in the copyright libraries.”
I’m looking at these responsible-DRM principles and trying to find some core principle that underlies them all. Principles #1 and #2 simply articulate principles of responsible computing, which should cover DRM and other infrastructure and applications technologies. Principles #3, #4, #5, #6, and #7 address aspects of the DRM dilemma: the equitable balancing of the rights of content publishers vs. the rights of content consumers. And, fundamentally, they all derive from a common DRM (prescriptive/proscriptive) principle:
- Principle of Minimal and Diminishing Restrictions: Content publishers must, to the extent they apply DRM, always license and implement the minimal set of necessary access restrictions on authorized consumers, apply a similar set of restrictions to those enforced in other content-distribution channels, and allow consumers to progressively diminish these restrictions as time, fair-use, and other extenuating circumstances permit.
All of which puts me in mind again of Kim Cameron’s “laws of identity.” Don’t they posit a set of DRM-like laws? Summarizing them again (I first touched on them early in this blog’s life, in December 2004, and then again throughout the first half of 2005), they are (to requote myself paraphrasing Kim):
- “According to Microsoft/Cameron, IdM systems must gain user consent prior to revealing information identifying the user; disclose the minimum amount of identifying information necessary; limit that disclosure to parties with a need to know; provision public and private identifiers for pointing to users’ identity data; and provide user interfaces that help people avoid revealing personal information to phishing and pharming scams.”
In an “identity metasystem” (Kim’s phrase), who are the “publishers” and “consumers” of this particular type of content (i.e., identity info)? Are the identity providers (IdPs)—in other words, those who register, manage, make assertions about other people’s identities—the “publishers” or “consumers” of identities? IdPs certainly publish identities, and certainly consume this information in order to authenticate users, make assertions about those users, and personalize presentation of information to those users. Are the people whom the identifiers identify the “publishers” of their identities (in the sense that they opt to let the IdPs republish this info) or “consumers” (in the sense that they use their identity info to login to systems and access various resources by proving possession of information about themselves that many would assert, including Kim Cameron, that they “own”)?
At some fundamental level, we can construe Kim’s principles as being based on the notion that the individual owns, hence publishes, his or her own identity info, and that everybody (the IdPs and the service providers, or relying parties) consumes this info. In which case, Kim’s principles seem diametrically opposed to Grossman’s DRM principles: the “publisher/owner” of identity content (i.e., the identity subject) always reserves the right to apply a maximal and never-diminishing set of restrictions on “consumer/IdP/relying party” access to this content.
Or perhaps both Cameron’s identity-metasystem principles and Grossman’s DRM principles derive from a common, unspoken principle:
- Principle of Sticking it to "The Man": Each of us should have maximum leverage over resources—such as our own identity information or other people’s published content—that is controlled by big, impersonal, “evil,” “greedy” institutions.
If you believe in demonizing the economic system that sustains us all, and allows all productive classes—including content publishers—to make a decent living from the sweat of brows that squint at monitors all the livelong day.
Saturday, March 04, 2006
My take: DRM is another name for a new brand of all-pervading FUD. God, I thought spyware was bad enough. It’s not just the rootkits (a term you can now expect to see evermore preceded by the qualifier “evil” and used as a cultural shorthand for media mind control). It’s something that Andy Dornan alerts us to in his IT Architect column from last month, something that may be the same (I’m not sure) as the “DRM-equipped monitors” that Michel Labelle warns us about (without further details) at another point in this DRM blogpost thread. Here’s how Dornan describes a DRM enforcement mechanism that will operate at the device-driver level in Microsoft Windows Vista (an article in which he, incidentally, refers to DRM as something forced upon us all by “those greedy media companies”):
- “The greatest long-term threat is a hypervisor that enforces DRM, combining the code extensions in Intel's VT or AMD's Pacifica with Trusted Platform Module (TPM) hardware. In the short term, Vista will ‘protect’ video content through driver revocation: Whenever the DRM in a particular model of graphics card is cracked, a security update will disable that card's driver. Anyone who happens to be using the same type of graphics card as a DRM hacker will be left in the dark until a new driver can be written and certified as DRM-compliant.”
- Microsoft will be able to selectively and unilaterally “revoke” Vista support for graphics-card device drivers.
- Microsoft may revoke Vista support for a particular model of a graphics-card device driver in cases where somebody/somewhere has “cracked” the Vista-based DRM protections implemented in that card and/or its driver.
- Microsoft’s partner ecosystem of graphics-card manufacturers are building cards and drivers that implement publisher-driven DRM controls governing paying- and non-paying user display of video and other licensed visually-oriented content objects on monitors configured into machines that run
- Microsoft is implementing a DRM-busting surveillance program under which it will determine the degree to which particular graphics-card manufacturers’ device/driver DRM approach has been “cracked” and, thereby, poses an imminent vulnerability/threat to video content publishers (including, I suppose Microsoft itself as a publisher) that demands immediate emergency action by Microsoft itself.
- Microsoft will be able to selectively punish graphics-card manufacturers, their partners, and their customers suddenly, unilaterally, from a central point, and in bulk (i.e., potentially, millions of computers everywhere suddenly/mysteriously “going black”) by “turning off” their monitors, for no fault of their own, but, rather, due solely to the fact that some pimple-faced kid in Kazakhstan got too smart for his own good and cracked manufacturer X’s DRM driver technology one lazy Sunday afternoon as part of a high-school science-class project.
- Microsoft is prepared to face the universal wrath of all the aggrieved parties, their lawyers, and the media for this action.
Or...so I gather or infer from what Andy tells us.
Ponder all of that for a moment. Just think of universal computer blackout. Fear and Uncertainty, in the Dark (FUD). Yeah, that’s what the world needs now, FUD sweet FUD.
Thursday, March 02, 2006
Found content: www.vnunet.com/2146367
DRM is another name for the latest perennial news-generating horserace in the IT industry’s daily grind.
DRM is so beautiful from a news fodder standpoint. It gives the intellectual property lawyers, the civil libertarians, the radicals, the anarchists, the “information longs to be free,” the iPod jockeys, the crypto/cipher spooks, and others an issue, technology, trend, lifestyle, etc to flog to death. “DRM is evil.” “No, you’re naïve and irresponsible—DRM is good—DRM is inevitable--get with the program.”
Absolutely perfect, if you own, publish, write for, broadcast for, or otherwise participate in the dissemination of current news that touches on tech-qua-tech and/or tech-qua-lifestyle. It gives you a never-ending polarized emotional semi-irrational quasi-high-stakes controversy to cover in perpetuity. And it gives the mouse potatoes of the world an abstract issue whose payoff to them is clear and visceral. “Wow…free music…free movies…free porn….free……..”
Years ago, when I entered this industry, I started compiling a mental list of the IT news-cycle “horseraces” that kept getting press coverage. Here are some of the principal entries on the horserace list: sysops vs. hackers, virus spreaders vs. anti-virus, spammers vs. anti-spam, spyware vs. anti-spyware, closed source vs. open source, Microsoft vs. world, and codemakers vs. codebreakers.
To that list I’ll have to add DRM-builders vs. DRM-busters. Most of the press coverage I’ve seen lately highlights the efforts of the DRM-busters. Such as the referenced article: “Gartner: piece of tape defeats any CD DRM.” Guess what—it’s flogging Sony yet again for the evil XCP rootkit, and pointing out that music on the company’s DRM-protected CDs could be liberated through a common household adhesive strip applied to the outer track. I’m not sure how he could make this claim, but some unnamed Gartner analyst said that “the use of a piece of tape will defeat any future DRM system on audio CDs designed to be played on a stand-alone CD player.” Any future DRM system? How can the analyst be so confident about the inefficacy of all future DRM innovations (does he/she have some sort of supermagical quadrant to consult on techno-futures)?
How about those DRM technologies that leverage whatever miracles (or disasters) come when humanity masters quantum computing (which will inaugurate a codemaking vs. codebreaking horserace the likes of which will blow everybody’s minds, and render public-key cryptography absolutely powerless)?
Can a piece of Scotch tape factor an arbitrarily long number into its prime factors instantaneously? If so, it can defeat any future crypto-based DRM technology.
Found content (found in my “Sent Items” folder, I’d forwarded it from one of my e-mail accounts to another a few months ago—persistent personal content-of-interest store—an analyst is only as productive as his/her personal library-caches): AnalystViews Weekly Report for Week of 12.22.2005, “Two Rights: The Restriction and Management of Digital Rights”
DRM is another name for flexible deployment of content-control policy-enforcement logic throughout networks.
The referenced article references another article (September 2005 EContent magazine) that wraps DRM into a larger phenomenon called “enterprise rights management (ERM).” According to the source article (as paraphrased in the referenced article), the “primary objective of these systems is to protect the intellectual property of an enterprise; in the field this is seen as having two components. The first of these is access to the digital asset itself, in the past systems were able to restrict access, but once the material was legally accessed there was little in place to restrict it. Thus maintaining post-access security becomes the second component. Many systems currently in place implement a number of various methods to address the first part of the challenge, asset access, and these range from simple password protection to biometric user verification. More advanced systems are beginning to apply controls which will protect the document post-access, these can prevent electronic screen capturing and the forwarding of files via email, and some can even be linked to peripheral devices to impede the printing or scanning of protected files.”
This brings us back to a notion I introduced earlier in this thread (DRM7, which is actually/paradoxically later in this thread if you follow the virtual scroll from top to bottom, numerically from 1—and you know I’m working up to DRM1—down to the alpha/omega of DRM9—got that?): “DRM is another name for cryptographic containers that wrap content in persistent policies under the control of the content’s creator and/or owner.” That’s another name for “advanced systems are beginning to apply controls which will protect the document post-access, these can prevent electronic screen capturing and the forwarding of files via email, and some can even be linked to peripheral devices to impede the printing or scanning of protected files.” My earliest exposure to these “post-access security” crypto-content-containers was a few years back, in the form of “self-destructing e-mail” systems from the likes of Authentica, Sigaba, and others whose names have self-destructed in my ancient memory.
Which brings me to a critical functional/architectural distinction in DRM (or ERM, whatever you like):
- Policy enforcement points (PEPs): This refers to any access management portal/proxy/front-end (e.g., CA SiteMinder, IBM Tivoli Access Manager) that authenticates and authorizes users to access/retrieve content “into the clear,” but doesn’t have any power to control what users do with the content once it’s been retrieved into users’ perpetual possession—in other words, this refers to identity and access management (I&AM) as it’s normally understood.
- Policy enforcement containers (PECs): This refers to (here’s the phrase of mine again): “cryptographic containers that wrap content in persistent policies under the [perpetual] control of the content’s creator and/or owner”—in other words, DRM (and “self-destructing e-mail”) as it’s normally understood.
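The PEP/PEC distinction above, as an added sketch (not code from this blog or from any vendor named here). The container layout, the policy field names and the HMAC-based keystream are illustrative assumptions; a production container would use a vetted AEAD such as AES-GCM and a license service that releases keys to trusted viewers.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed sample data for the demonstration.
DOC = b"Q1 forecast: confidential"
STORE = {"forecast.txt": DOC}
ACL = {"forecast.txt": {"alice"}}
DEMO_KEY = hashlib.sha256(b"constructed demo key").digest()


def pep_fetch(user, name):
    """PEP: one check at the gate, then cleartext leaves the system's control."""
    if user not in ACL.get(name, set()):
        raise PermissionError(f"{user} may not read {name}")
    return STORE[name]  # nothing stops copy, print or forward after this


def _subkeys(key):
    # Separate encryption and MAC keys derived from one content key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, n):
    # Illustrative stream cipher: HMAC-SHA256 as a PRF in counter mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(mac_key, policy_bytes, nonce, ct):
    # Length prefix keeps the policy/ciphertext boundary unambiguous.
    msg = len(policy_bytes).to_bytes(4, "big") + policy_bytes + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def pec_seal(key, content, policy):
    """PEC: encrypt the content and bind the policy to it with a MAC."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    policy_bytes = json.dumps(policy, sort_keys=True).encode()
    ct = _xor(content, _keystream(enc_key, nonce, len(content)))
    return {"policy": policy_bytes, "nonce": nonce, "ct": ct,
            "tag": _tag(mac_key, policy_bytes, nonce, ct)}


def pec_open(key, box, user, action, now=None):
    """Trusted viewer: verify integrity, evaluate the policy, then decrypt.

    The policy travels with the content, so it is re-checked on every open.
    Enforcement still depends on the viewer that holds the key being honest.
    """
    enc_key, mac_key = _subkeys(key)
    expected = _tag(mac_key, box["policy"], box["nonce"], box["ct"])
    if not hmac.compare_digest(expected, box["tag"]):
        raise ValueError("container or policy was modified")
    policy = json.loads(box["policy"])
    now = time.time() if now is None else now
    if user not in policy["users"]:
        raise PermissionError("user not licensed")
    if action not in policy["actions"]:
        raise PermissionError(f"action {action!r} not permitted")
    if now > policy["not_after"]:
        raise PermissionError("license expired")
    return _xor(box["ct"], _keystream(enc_key, box["nonce"], len(box["ct"])))
```

Editing the policy inside a sealed container (for example, adding `"print"` to `actions`) invalidates the tag, so `pec_open` refuses before any decryption takes place.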
It’s clear that these architectural approaches differ primarily in where they deploy the access control logic. Which explains why I&AM vendors are, as I blogged on November 4, 2005:
- “targeting DRM as the next great frontier beyond federation? Or, perhaps, they hope, DRM will leverage and extend their increasingly federated security infrastructures into a distributed permissioning infrastructure where the access-control policy enforcement points (PEPs) are more closely bound to the resources—apps, data, etc.—being protected? Epok’s federated data interchange environment—leveraging XRI and XDI--is one such example. Sun’s “storage encryption” or “storage security” roadmap (see article) is another. As soon as the morning coffee decompresses my wound-up nightfunk, I’m sure I’ll recall the other three dozen vendors I’ve come across recently who have similar roadmaps. DRM drifts and diffuses itself far and wide throughout IdM, security, e-commerce, content publisher, and storage vendors’ end-of-decade dreams. I think a lot of the renewed attention to DRM recently comes from the rash of identity-theft “data breaches” that have grabbed front-page attention. All that data in storage is sitting ducks and buried treasure for those intrepid identity pirates who find the buried map and go with flashlights in the night down into the caverns guarded by semi-reliable genies. Suddenly, encrypting all that stuff in situ—on piled-high disks and tapes and whatnot--becomes the absolute imperative for storage managers everywhere, dictated by the lawyers, bosses, and regulators. To make encryption—an ancient technology that has been used in storage systems for years in various capacities—seem suddenly cool—not simply mandatory--the vendors have started to lump it into the growing DRM umbrella. Acronym creep, equivalent to the vastly expanded scope of SOA in recent years. It’s not storage encryption anymore. It’s storage DRM. It’s breach-busting DRM. It’s federated DRM. It’s a new pipe DRM.”
If this blogpost is getting too self-referential for its own good. If you’re getting dizzy or disturbed by the ever-shifting context. Then I’m with you. I’ve had enough for now. Till DRM4 suggests itself. And it will. I can feel it.
Found content: http://www.sdtimes.com/article/story-20060101-06.html
DRM is another name for heavyweight (or heavy, in the Jack Palance sense of the term) content security, policy, trust, and key management infrastructure that will inevitably be embedded everywhere. It’s the “inevitably” and “everywhere” parts of the DRM dynamic that freak out so many people. The issue is not so much whether some proprietary (Microsoft, Sony, etc.) or standards-based brand of DRM (and federated IdM and access management) infrastructure will provide that inevitably everywhere infrastructure (IEI—an all-long-vowel acronym I just coined to sound like what the skull-boy in Edvard Munch’s “The Scream” is vocalizing).
Some DRM (good and/or bad) IEI will prevail (not going to wager what/when/how, but it’s going to happen). The reason is that the need for discretionary publisher-driven rights management is perennial and universal, across all platforms, applications, and code/content sources/channels. When a need is this ubiquitous for infrastructure this fundamental, industry forces will push everyone everywhere toward a common reference architecture, which includes general convergence on common functional models, standards, and (increasingly) codebases.
And nothing says IEI and ubiquitous codebases these days better than open source (a la Linux, Apache, etc.), so it’s no surprise that there are several DRM open-source software development projects underway, as the referenced article points out. SunLabs has its DReaM project, and some related projects: Java Stream Assembly and DRM Opera (perhaps it’ll come out with a PsychoDRMa, or Sturm-und-DRM codebase as well).
I haven’t delved into the details of these projects, but I’m encouraged by what someone at SunLabs said to the reporter who wrote the article: “[Glenn Edens, a senior vice president of communications media and entertainment at Sun and director of Sun Labs] sees a bright future for DRM, and said that uses range from personalized management to business uses to medical records to Sarbanes-Oxley compliance. Edens hopes that his company’s open DRM initiative, embodied in DReaM, spreads to the entertainment industry at large, replacing outdated and invasive systems like the one Sony used….’We’ve started a very fruitful dialog with the EFF [Electronic Frontier Foundation],’ [said Edens]. ‘We have been working on a white paper to describe a possible solution to the fair-use issues. The hard question is: ‘How can you have an access and authentication system that also respects fair use?’”
That is exactly the right question to be asking. DRM isn’t evil, any more than password-protected access controls on traditional document management systems are evil. Get over it. And start to investigate how the emerging DRM IEI can be developed with the flexibility to allow [code and/or content] publishers to protect their rights while also allowing [code and/or content] consumers to protect their equally valid rights to those same digital resources.
What’s a fair balance of rights to code/content among publishers and consumers? What’s “fair use”? How can a DRM IEI allow publishers and consumers to continually negotiate the tricky fine line of “fair use,” a concept that will continue to evolve legally and culturally, and will continue to differ, everywhere and always, on a case-by-case basis?